Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
This page let user upgrade the PESCMS system manually.
Follow the mtUpgrade funtction,the upload file extension must be “zip”
and follow the unzip function
Follow the simulateInstall function and install function,we can see the file decompression in root directory
so,we can create a evil.php
and compression it as evil.zip,and upload the evil.zip,
at last ,the system decompress evil.zip and evil.php in root directory.
The text was updated successfully, but these errors were encountered:
英语水平有限,这里用中文吧: 因为考虑到程序都是内网为主,所以手动更新的程序并没有与官方进行 哈希验证。所以确实会存在一个提权的风险。目前这些各项功能还在调优中,不久将来的版本更新功能将需要与官方的更新包进行哈希验证,匹配正确才会执行更新。
Sorry, something went wrong.
即将发布的新版已经接近此问题。https://github.com/lazyphp/PESCMS-TEAM/tree/dev-2.3.0
No branches or pull requests
This page let user upgrade the PESCMS system manually.

Follow the mtUpgrade funtction,the upload file extension must be “zip”

and follow the unzip function

Follow the simulateInstall function and install function,we can see the file decompression in root directory


so,we can create a evil.php

and compression it as evil.zip,and upload the evil.zip,

at last ,the system decompress evil.zip and evil.php in root directory.

The text was updated successfully, but these errors were encountered: